Logstash Log4j Update

We are using opensource versions of logstash docker Images.
Our security team found that these images contain log4j-core-2.17.0.jar which is found to be vulnerable.
Can someone provide us an update as of when will be newer version of image available with updated version of log4j-core-2.17.1.jar

Welcome to our community! :smiley:

Vulnerable for what exactly?

2.17.1 fixed CVE-2021-44832: Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.